Data transmitted between a reader and a transponder (in particular a smart card or an RFID tag) are encrypted so that an attacker can not gain the data and use it for criminal acts. For personal data, account data, credit card numbers and the like the use of this encryption is quite obvious. Because newer smart cards can emulate more smart cards, i.e. support a number of different applications, also the supported applications shall be obscured. The use of that is not obvious a priori. However, thinking about a card which supports applications from “Visa”, “American Express”, “Wal Mart”, and “Subway New York” the use becomes clearer as it is very likely that this card belongs to an American citizen. With this “stigmata” he easily can get a target of a terrorist.
In the following, some further considerations regarding conventional communication systems will be described.
Privacy may be related to an individual and to a group of people sharing a certain property (e.g. US citizen). Protection of privacy may be desirable.
Privacy can leak in various ways. Conventionally, the UID (unique identifier) of the card used in collision detection is readable in plain. So, an individual user can be scanned at several places.
A conventionally available solution is to use a Random ID (RID). However, still the authentic applications in the readers need to know which card they communicate with, so there is still a need for a Unique Card Logical ID (UCLID).
When a card presents its type, brand, etc. this seems harmless. However, the knowledge that card type X of manufacturer Y is in use by the New York subway and has not been bought by many cities reveals that the bearer of such a card is with high likelihood a New Yorker.
It may be desirable that breaking one key used for one application shall not break the privacy for other applications.
WO 2006/003562 furthermore discloses a method of choosing one of a multitude of data sets being registered with a device, wherein each data set is associated with a specific key, wherein exchange information is encrypted in the device using one key of the keys, encrypted exchange information is sent to the remote device, decrypted there using the one key stored in the remote device, and decrypted exchange information is then sent back to device. Subsequently, the exchange information is compared with the decrypted exchange information. If the two are equal, the right data set is found, otherwise the cycle starts again with another key. Roles of device and remote device may change so that the cycle may be initiated in a remote device. WO 2006/003562 also relates to a device for presenting one of a multitude of data sets being registered with the device to a remote device.
However, said method uses trial authentications which are rather time consuming. Moreover it does not support multi-application readers.